Remove matrix parameters from s3_auth plugin (#11586)

maskit · cmcfarlen · commit 3f41554f5e30 · 2024-07-26T09:14:55.000-05:00
* Remove matrix parameters from s3_auth plugin * Fix for clang-analyzer (cherry picked from commit 4bbe59a)
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
@@ -315,11 +315,6 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool signPayload, const StringSe
   str = api.getPath(&length);
   String path("/");
   path.append(str, length);
-  str = api.getParams(&length);
-  if (length > 0) {
-    path.append(";", 1);
-    path.append(str, length);
-  }
   String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
   sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
   sha256Update(&canonicalRequestSha256Ctx, "\n");
diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h
@@ -47,7 +47,6 @@ class TsInterface
   virtual const char    *getMethod(int *length) = 0;
   virtual const char    *getHost(int *length)   = 0;
   virtual const char    *getPath(int *length)   = 0;
-  virtual const char    *getParams(int *length) = 0;
   virtual const char    *getQuery(int *length)  = 0;
   virtual HeaderIterator headerBegin()          = 0;
   virtual HeaderIterator headerEnd()            = 0;
diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h b/plugins/s3_auth/aws_auth_v4_wrap.h
@@ -108,11 +108,6 @@ class TsApi : public TsInterface
     return TSUrlPathGet(_bufp, _url, len);
   }
   const char *
-  getParams(int *len) override
-  {
-    return TSUrlHttpParamsGet(_bufp, _url, len);
-  }
-  const char *
   getQuery(int *len) override
   {
     return TSUrlHttpQueryGet(_bufp, _url, len);
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
@@ -841,12 +841,11 @@ S3Request::authorizeV2(S3Config *s3)
 {
   TSHttpStatus status   = TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
   TSMLoc       host_loc = TS_NULL_MLOC, md5_loc = TS_NULL_MLOC, contype_loc = TS_NULL_MLOC;
-  int          method_len = 0, path_len = 0, param_len = 0, host_len = 0, con_md5_len = 0, con_type_len = 0, date_len = 0;
-  const char  *method = nullptr, *path = nullptr, *param = nullptr, *host = nullptr, *con_md5 = nullptr, *con_type = nullptr,
-             *host_endp = nullptr;
-  char      date[128]; // Plenty of space for a Date value
-  time_t    now = time(nullptr);
-  struct tm now_tm;
+  int          method_len = 0, path_len = 0, host_len = 0, con_md5_len = 0, con_type_len = 0, date_len = 0;
+  const char  *method = nullptr, *path = nullptr, *host = nullptr, *con_md5 = nullptr, *con_type = nullptr, *host_endp = nullptr;
+  char         date[128]; // Plenty of space for a Date value
+  time_t       now = time(nullptr);
+  struct tm    now_tm;
 
   // Start with some request resources we need
   if (nullptr == (method = TSHttpHdrMethodGet(_bufp, _hdr_loc, &method_len))) {
@@ -856,9 +855,6 @@ S3Request::authorizeV2(S3Config *s3)
     return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
   }
 
-  // get matrix parameters
-  param = TSUrlHttpParamsGet(_bufp, _url_loc, &param_len);
-
   // Next, setup the Date: header, it's required.
   if (nullptr == gmtime_r(&now, &now_tm)) {
     return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
@@ -920,12 +916,7 @@ S3Request::authorizeV2(S3Config *s3)
       loff += str_concat(&left[loff], (left_size - loff), "/", 1);
     }
 
-    loff += str_concat(&left[loff], (left_size - loff), path, path_len);
-
-    if (param) {
-      loff += str_concat(&left[loff], (left_size - loff), ";", 1);
-      str_concat(&left[loff], (left_size - loff), param, param_len);
-    }
+    str_concat(&left[loff], (left_size - loff), path, path_len);
 
     Dbg(dbg_ctl, "%s", left);
   }
@@ -962,10 +953,6 @@ S3Request::authorizeV2(S3Config *s3)
   }
 
   HMAC_Update(ctx, (unsigned char *)path, path_len);
-  if (param) {
-    HMAC_Update(ctx, reinterpret_cast<const unsigned char *>(";"), 1); // TSUrlHttpParamsGet() does not include ';'
-    HMAC_Update(ctx, (unsigned char *)param, param_len);
-  }
 
   HMAC_Final(ctx, hmac, &hmac_len);
 #ifndef HAVE_HMAC_CTX_NEW
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -433,7 +433,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Object", "[AWS][auth][SpecByExample]")
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("test.txt");
-  api._params.assign("");
   api._query.assign("");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Range", "bytes=0-9"));
@@ -479,7 +478,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle", "[AWS][auth][SpecByExamp
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("lifecycle");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -524,7 +522,6 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects", "[AWS][auth][SpecByEx
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -616,7 +613,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, unsigned pay-load, exc
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -666,7 +662,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, query param value alre
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("PATH==");
-  api._params.assign("");
   api._query.assign("key=TEST==");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -713,7 +708,6 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name fields", "[AWS][auth][
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -778,7 +772,6 @@ TEST_CASE("S3AuthV4UtilParams: include all headers by default", "[AWS][auth][uti
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -813,7 +806,6 @@ TEST_CASE("S3AuthV4UtilParams: include all headers explicit", "[AWS][auth][SpecB
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -884,7 +876,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non overlapping headers", "[AWS][
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -919,7 +910,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers", "[AWS][auth
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -955,7 +945,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing inclu
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -991,7 +980,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing exclu
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1030,7 +1018,6 @@ TEST_CASE("S3AuthV4UtilParams: include content type", "[AWS][auth][utility]")
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1064,7 +1051,6 @@ TEST_CASE("S3AuthV4UtilParams: include missing content type", "[AWS][auth][utili
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
-  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
@@ -95,12 +95,6 @@ class MockTsInterface : public TsInterface
     return _path.c_str();
   }
   const char *
-  getParams(int *length) override
-  {
-    *length = _params.length();
-    return _params.c_str();
-  }
-  const char *
   getQuery(int *length) override
   {
     *length = _query.length();
@@ -120,7 +114,6 @@ class MockTsInterface : public TsInterface
   String         _method;
   String         _host;
   String         _path;
-  String         _params;
   String         _query;
   HeaderMultiMap _headers;
 };

Original file line number	Diff line number	Diff line change
`@@ -108,11 +108,6 @@ class TsApi : public TsInterface`
`108`	`108`	`return TSUrlPathGet(_bufp, _url, len);`
`109`	`109`	`}`
`110`	`110`	`const char *`
`111`		`- getParams(int *len) override`
`112`		`- {`
`113`		`- return TSUrlHttpParamsGet(_bufp, _url, len);`
`114`		`- }`
`115`		`- const char *`
`116`	`111`	`getQuery(int *len) override`
`117`	`112`	`{`
`118`	`113`	`return TSUrlHttpQueryGet(_bufp, _url, len);`